diff --git a/2005/0xxx/CVE-2005-0116.json b/2005/0xxx/CVE-2005-0116.json index be7cdf8ea0e..d528973b5cd 100644 --- a/2005/0xxx/CVE-2005-0116.json +++ b/2005/0xxx/CVE-2005-0116.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050117 AWStats Remote Command Execution Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false" - }, - { - "name" : "http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf" - }, - { - "name" : "http://awstats.sourceforge.net/docs/awstats_changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://awstats.sourceforge.net/docs/awstats_changelog.txt" - }, - { - "name" : "VU#272296", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/272296" - }, - { - "name" : "12298", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/12298" - }, - { - "name" : "13002", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13002" - }, - { - "name" : "13893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13893/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050117 AWStats Remote Command Execution Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false" + }, + { + "name": "12298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12298" + }, + { + "name": "http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf" + }, + { + "name": "VU#272296", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/272296" + }, + { + "name": "13002", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13002" + }, + { + "name": "13893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13893/" + }, + { + "name": "http://awstats.sourceforge.net/docs/awstats_changelog.txt", + "refsource": "CONFIRM", + "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0138.json b/2005/0xxx/CVE-2005-0138.json index 3e4436de67d..a6d88d66dd1 100644 --- a/2005/0xxx/CVE-2005-0138.json +++ b/2005/0xxx/CVE-2005-0138.json 
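Review bot: The new side of this file is not a whitespace-only rewrite: the `reference_data` entries come out in a different order (the BID `12298` entry moves from fifth to second, the CONFIRM changelog link from third to last) and the file now ends with `\ No newline at end of file`. The seven references look like the same set on both sides, but with no visible sort key that is hard to confirm by eye, and every regeneration will produce another noisy diff. Emitting the array in a stable order (input order or a fixed key such as `refsource` then `name`) and ending the file with a newline would let a semantic JSON comparison prove that a formatting commit changed no content. The reordering recurs in the CVE-2005-0138, -0870, -0887, -1045, -1530, -3543 and -3644 sections, and the missing final newline in every section on this page.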
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly allow access to anonymous clients that connect from a system whose hostname can not be determined. NOTE: while this issue occurs in a security mechanism, there is no apparent attacker role and probably does not satisfy the CVE definition of a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050601-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U" - }, - { - "name" : "P-214", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-214.shtml" - }, - { - "name" : "ADV-2005-0702", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0702" - }, - { - "name" : "15619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly allow access to anonymous clients that connect from a system whose hostname can not be determined. NOTE: while this issue occurs in a security mechanism, there is no apparent attacker role and probably does not satisfy the CVE definition of a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050601-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U" + }, + { + "name": "ADV-2005-0702", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0702" + }, + { + "name": "15619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15619" + }, + { + "name": "P-214", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-214.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0870.json b/2005/0xxx/CVE-2005-0870.json index 7087c6e7d40..52c94c258bc 100644 --- a/2005/0xxx/CVE-2005-0870.json +++ b/2005/0xxx/CVE-2005-0870.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111161017209422&w=2" - }, - { - "name" : "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416543" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118" - }, - { - "name" : "DSA-724", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2005/dsa-724" - }, - { - "name" : "DSA-897", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-897" - }, - { - "name" : "DSA-898", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-898" - }, - { - "name" : "DSA-899", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-899" - }, - { - "name" : "MDKSA-2005:212", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212" - }, - { - "name" : "15414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15414" - }, - { - "name" : "12887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12887" - }, - { - "name" : "14690", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14690/" - }, - { - "name" : "17616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17616" - }, - { - "name" : "17643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17643" - }, - { - "name" : "phpsysinfo-sensor-program-xss(19807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17616" + }, + { + "name": "MDKSA-2005:212", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212" + }, + { + "name": "15414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15414" + }, + { + "name": "14690", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14690/" + }, + { + "name": "DSA-898", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-898" + }, + { + "name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111161017209422&w=2" + }, + { + "name": "phpsysinfo-sensor-program-xss(19807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807" + }, + { + "name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416543" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118" + }, + { + "name": "12887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12887" + }, + { + "name": "DSA-897", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-897" + }, + { + "name": "DSA-724", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-724" + }, + { + "name": "DSA-899", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-899" + }, + { + "name": "17643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17643" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/0xxx/CVE-2005-0887.json b/2005/0xxx/CVE-2005-0887.json index c0fd523fcdd..75622100422 100644 --- a/2005/0xxx/CVE-2005-0887.json +++ b/2005/0xxx/CVE-2005-0887.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=315144", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=315144" - }, - { - "name" : "1013559", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013559" - }, - { - "name" : "14688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14688" - }, - { - "name" : "dcl-file-include(19806)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14688" + }, + { + "name": "dcl-file-include(19806)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19806" + }, + { + "name": "1013559", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013559" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=315144", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=315144" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1045.json b/2005/1xxx/CVE-2005-1045.json index 49b8e9b71c3..88fa6744087 100644 --- a/2005/1xxx/CVE-2005-1045.json +++ b/2005/1xxx/CVE-2005-1045.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050408 OpenText FirstClass 8.0 Client Arbitrary File Execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111323587931293&w=2" - }, - { - "name" : "13079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13079" - }, - { - "name" : "15356", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15356" - }, - { - "name" : "14898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14898/" - }, - { - "name" : "1013665", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013665" - }, - { - "name" : "firstclass-bookmark-command-execution(20032)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/20032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15356", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15356" + }, + { + "name": "13079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13079" + }, + { + "name": "1013665", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013665" + }, + { + "name": "14898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14898/" + }, + { + "name": "20050408 OpenText FirstClass 8.0 Client Arbitrary File Execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111323587931293&w=2" + }, + { + "name": "firstclass-bookmark-command-execution(20032)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20032" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1530.json b/2005/1xxx/CVE-2005-1530.json index 15d317eea67..904d556482a 100644 --- a/2005/1xxx/CVE-2005-1530.json +++ b/2005/1xxx/CVE-2005-1530.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sophos Anti-Virus 5.0.1, with \"Scan inside archive files\" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050714 Sophos Anti-Virus Zip File Handling DoS Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=283&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "14270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14270" - }, - { - "name" : "1014488", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014488" - }, - { - "name" : "sophos-bzip2-dos(21373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Sophos Anti-Virus 5.0.1, with \"Scan inside archive files\" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14270" + }, + { + "name": "20050714 Sophos Anti-Virus Zip File Handling DoS Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=283&type=vulnerabilities&flashstatus=true" + }, + { + "name": "1014488", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014488" + }, + { + "name": "sophos-bzip2-dos(21373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21373" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1574.json b/2005/1xxx/CVE-2005-1574.json index c5882aa4828..d19c79b84fe 100644 --- a/2005/1xxx/CVE-2005-1574.json +++ b/2005/1xxx/CVE-2005-1574.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the \"Acquire licenses automatically for protected content\" setting is not enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "892313", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];892313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the \"Acquire licenses automatically for protected content\" setting is not enabled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "892313", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];892313" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3543.json b/2005/3xxx/CVE-2005-3543.json index 2831e9af717..1d52d07ac6c 100644 --- a/2005/3xxx/CVE-2005-3543.json +++ b/2005/3xxx/CVE-2005-3543.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051104 [waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113122911424216&w=2" - }, - { - "name" : "http://www.waraxe.us/advisory-43.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-43.html" - }, - { - "name" : "http://phorum.org/story.php?57", - "refsource" : "CONFIRM", - "url" : "http://phorum.org/story.php?57" - }, - { - "name" : "ADV-2005-2332", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2332" - }, - { - "name" : "20524", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20524" - }, - { - "name" : "17456", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/17456" - }, - { - "name" : "153", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/advisory-43.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-43.html" + }, + { + "name": "17456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17456" + }, + { + "name": "20051104 [waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113122911424216&w=2" + }, + { + "name": "153", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/153" + }, + { + "name": "ADV-2005-2332", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2332" + }, + { + "name": "20524", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20524" + }, + { + "name": "http://phorum.org/story.php?57", + "refsource": "CONFIRM", + "url": "http://phorum.org/story.php?57" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3644.json b/2005/3xxx/CVE-2005-3644.json index 7eec12aa0fd..72a1b7699fb 100644 --- a/2005/3xxx/CVE-2005-3644.json +++ b/2005/3xxx/CVE-2005-3644.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-3644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1328", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1328" - }, - { - "name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116", - "refsource" : "MISC", - "url" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116" - }, - { - "name" : "911052", - "refsource" : "MSKB", - "url" : "http://www.microsoft.com/technet/security/advisory/911052.mspx" - }, - { - "name" : "http://www.securiteam.com/exploits/6V00C15EKM.html", - "refsource" : "MISC", - "url" : 
"http://www.securiteam.com/exploits/6V00C15EKM.html" - }, - { - "name" : "http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php", - "refsource" : "MISC", - "url" : "http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php" - }, - { - "name" : "http://research.eeye.com/html/alerts/zeroday/20051116.html", - "refsource" : "MISC", - "url" : "http://research.eeye.com/html/alerts/zeroday/20051116.html" - }, - { - "name" : "15460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15460" - }, - { - "name" : "1015233", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015233" - }, - { - "name" : "17595", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "911052", + "refsource": "MSKB", + "url": "http://www.microsoft.com/technet/security/advisory/911052.mspx" + }, + { + "name": "15460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15460" + }, + { + "name": "1015233", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015233" + }, + { + "name": "http://www.securiteam.com/exploits/6V00C15EKM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/6V00C15EKM.html" + }, + { + "name": "17595", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17595" + }, + { + "name": "http://research.eeye.com/html/alerts/zeroday/20051116.html", + "refsource": "MISC", + "url": "http://research.eeye.com/html/alerts/zeroday/20051116.html" + }, + { + "name": "1328", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1328" + }, + { + "name": "http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php", + "refsource": "MISC", + "url": "http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php" + }, + { + "name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116", + "refsource": "MISC", + "url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3697.json b/2005/3xxx/CVE-2005-3697.json index 665ea5fbab0..1a0b911a6b2 100644 --- a/2005/3xxx/CVE-2005-3697.json +++ b/2005/3xxx/CVE-2005-3697.json 
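Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk. It is the only value change I can see among the complete sections on this page, and it sits inside what otherwise reads as a colon-spacing and indentation rewrite. The assigner is provenance data that downstream consumers may use for attribution or filtering, so a reassignment deserves its own commit, or at least a line in the commit message, rather than riding along with a reformat. Nothing visible here shows whether the change was intended, so it is worth confirming against the CNA of record for CVE-2005-3644.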
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15469" - }, - { - "name" : "17625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15469" + }, + { + "name": "17625", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17625" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3848.json b/2005/3xxx/CVE-2005-3848.json index f3be39cef8d..014dfcd9d56 100644 --- a/2005/3xxx/CVE-2005-3848.json +++ b/2005/3xxx/CVE-2005-3848.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka \"DST leak in icmp_push_reply.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20050817 [PATCH] fix dst_entry leak in icmp_push_reply()", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=112431016816937&w=2" - }, - { - "name" : "[linux-kernel] 20050818 Re: [PATCH] fix dst_entry leak in icmp_push_reply()", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=112439084918917&w=2" - }, - { - "name" : "[linux-kernel] 20050826 [PATCH 4/7] [IPV4]: Fix DST leak in icmp_push_reply()", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=112508479212728&w=2" - }, - { - "name" : 
"http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch" - }, - { - "name" : "DSA-1017", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1017" - }, - { - "name" : "DSA-1018", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1018" - }, - { - "name" : "MDKSA-2006:072", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072" - }, - { - "name" : "RHSA-2006:0101", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0101.html" - }, - { - "name" : "RHSA-2006:0140", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0140.html" - }, - { - "name" : "SUSE-SA:2006:012", - "refsource" : "SUSE", - "url" : "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html" - }, - { - "name" : "USN-231-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/231-1/" - }, - { - "name" : "16044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16044" - }, - { - "name" : "oval:org.mitre.oval:def:11346", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11346" - }, - { - "name" : "18203", - "refsource" : "SECUNIA", 
- "url" : "http://secunia.com/advisories/18203" - }, - { - "name" : "18510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18510" - }, - { - "name" : "18562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18562" - }, - { - "name" : "19038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19038" - }, - { - "name" : "19374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19374" - }, - { - "name" : "19369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka \"DST leak in icmp_push_reply.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2006:0140", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0140.html" + }, + { + "name": "19038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19038" + }, + { + "name": "[linux-kernel] 20050817 [PATCH] fix dst_entry leak in icmp_push_reply()", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=112431016816937&w=2" + }, + { + "name": "[linux-kernel] 20050826 [PATCH 4/7] [IPV4]: Fix DST leak in icmp_push_reply()", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=112508479212728&w=2" + }, + { + "name": "19369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19369" + }, + { + "name": "18203", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/18203" + }, + { + "name": "RHSA-2006:0101", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0101.html" + }, + { + "name": "16044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16044" + }, + { + "name": "DSA-1018", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1018" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a" + }, + { + "name": "oval:org.mitre.oval:def:11346", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11346" + }, + { + "name": "18510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18510" + }, + { + "name": "SUSE-SA:2006:012", + "refsource": "SUSE", + "url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html" + }, + { + "name": "MDKSA-2006:072", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072" + }, + { + "name": "DSA-1017", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1017" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch" + }, + { + "name": "19374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19374" + }, + { + "name": "[linux-kernel] 20050818 Re: [PATCH] 
fix dst_entry leak in icmp_push_reply()", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=112439084918917&w=2" + }, + { + "name": "USN-231-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/231-1/" + }, + { + "name": "18562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18562" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3854.json b/2005/3xxx/CVE-2005-3854.json index a39663bb9cc..c5e35666b0c 100644 --- a/2005/3xxx/CVE-2005-3854.json +++ b/2005/3xxx/CVE-2005-3854.json 
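Review bot: The `reference_data` array in this CVE-2005-3848 hunk is re-emitted in a different order with the same twenty entries, and the new order follows neither `refsource` nor `name`, so the whole record shows as rewritten although only spacing and order changed. A deterministic sort in the serializer (for example by `refsource`, then `name`) would keep later diffs limited to real edits, which makes substantive changes to a record much easier to audit. The same reshuffle is visible in the CVE-2005-3854, CVE-2005-4175, CVE-2005-4274, CVE-2009-0324, CVE-2009-0413 and CVE-2009-0465 hunks. The new side of each file also ends with `\ No newline at end of file`, where the old side had a final newline; writing one would keep the files consistent with the previous revision.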
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0511-exploits/EasyPageCMSXSS.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0511-exploits/EasyPageCMSXSS.txt" - }, - { - "name" : "21007", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21007" - }, - { - "name" : "1015211", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21007", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21007" + }, + { + "name": "1015211", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015211" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0511-exploits/EasyPageCMSXSS.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0511-exploits/EasyPageCMSXSS.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4175.json b/2005/4xxx/CVE-2005-4175.json index 9db130e186e..3d5355202d4 100644 --- a/2005/4xxx/CVE-2005-4175.json +++ b/2005/4xxx/CVE-2005-4175.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051213 Bios Information Leakage", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419610/100/0/threaded" - }, - { - "name" : "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt", - "refsource" : "MISC", - "url" : "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt" - }, - { - "name" : "http://www.ivizsecurity.com/preboot-patch.html", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/preboot-patch.html" - }, - { - "name" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" - }, - { - "name" : "VU#847537", - 
"refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/847537" - }, - { - "name" : "15751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ivizsecurity.com/preboot-patch.html", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/preboot-patch.html" + }, + { + "name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" + }, + { + "name": "15751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15751" + }, + { + "name": "20051213 Bios Information Leakage", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419610/100/0/threaded" + }, + { + "name": "VU#847537", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/847537" + }, + { + "name": "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt", + "refsource": "MISC", + "url": "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4274.json b/2005/4xxx/CVE-2005-4274.json index d44dd26f8d6..4466cc272d8 100644 --- a/2005/4xxx/CVE-2005-4274.json +++ b/2005/4xxx/CVE-2005-4274.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to \"authentication mechanisms\" and \"form input.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419493/100/0/threaded" - }, - { - "name" : "1015355", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to \"authentication mechanisms\" and \"form input.\"" + 
} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015355", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015355" + }, + { + "name": "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4845.json b/2005/4xxx/CVE-2005-4845.json index 53cfdb41dd5..1bcba6a54df 100644 --- a/2005/4xxx/CVE-2005-4845.json +++ b/2005/4xxx/CVE-2005-4845.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050301 IObjectSafety and Internet Explorer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/391803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050301 IObjectSafety and Internet Explorer", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/391803" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0324.json b/2009/0xxx/CVE-2009-0324.json index 6f95501c2be..2c998e2d634 100644 --- a/2009/0xxx/CVE-2009-0324.json +++ b/2009/0xxx/CVE-2009-0324.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7814", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7814" - }, - { - "name" : "http://bibciter.sourceforge.net/?p=35", - "refsource" : "CONFIRM", - "url" : "http://bibciter.sourceforge.net/?p=35" - }, - { - "name" : "33329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33329" - }, - { - "name" : "33555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33555" - }, - { - "name" : "bibciter-projects-sql-injection(48080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33329" + }, + { + "name": "7814", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7814" + }, + { + "name": "bibciter-projects-sql-injection(48080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48080" + }, + { + "name": "http://bibciter.sourceforge.net/?p=35", + "refsource": "CONFIRM", + "url": "http://bibciter.sourceforge.net/?p=35" + }, + { + "name": "33555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33555" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0413.json b/2009/0xxx/CVE-2009-0413.json index c1efd2ebfca..cfed46f90f6 100644 --- a/2009/0xxx/CVE-2009-0413.json +++ b/2009/0xxx/CVE-2009-0413.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.roundcube.net/changeset/2245", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/changeset/2245" - }, - { - "name" : "FEDORA-2009-1256", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00082.html" - }, - { - "name" : "33372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33372" - }, - { - "name" : "33827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33827" - }, - { - "name" : "ADV-2009-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0192" - }, - { - "name" : "33622", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/33622" - }, - { - "name" : "roundcube-html-xss(48129)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.roundcube.net/changeset/2245", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/changeset/2245" + }, + { + "name": "ADV-2009-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0192" + }, + { + "name": "33372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33372" + }, + { + "name": "roundcube-html-xss(48129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48129" + }, + { + "name": "33622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33622" + }, + { + "name": "33827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33827" + }, + { + "name": "FEDORA-2009-1256", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00082.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0465.json b/2009/0xxx/CVE-2009-0465.json index 83ab49420b4..029b4793c0a 100644 --- a/2009/0xxx/CVE-2009-0465.json +++ b/2009/0xxx/CVE-2009-0465.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\\boot.ini\\0 argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7928", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7928" - }, - { - "name" : "http://www.dsecrg.com/pages/vul/show.php?id=62", - "refsource" : "MISC", - "url" : "http://www.dsecrg.com/pages/vul/show.php?id=62" - }, - { - "name" : "33535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33535" - }, - { - "name" : "51693", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51693" - }, - { - "name" : "33728", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33728" - }, - { - "name" : "ADV-2009-0298", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\\boot.ini\\0 argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33535" + }, + { + "name": "51693", + "refsource": "OSVDB", + "url": "http://osvdb.org/51693" + }, + { + "name": "http://www.dsecrg.com/pages/vul/show.php?id=62", + "refsource": "MISC", + "url": "http://www.dsecrg.com/pages/vul/show.php?id=62" + }, + { + "name": "ADV-2009-0298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0298" + }, + { + "name": "33728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33728" + }, + { + "name": "7928", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7928" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0622.json b/2009/0xxx/CVE-2009-0622.json index 202a0e4743d..a653e435ddd 100644 --- a/2009/0xxx/CVE-2009-0622.json +++ b/2009/0xxx/CVE-2009-0622.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-0622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml" - }, - { - "name" : "33900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module 
for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml" + }, + { + "name": "33900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33900" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1865.json b/2009/1xxx/CVE-2009-1865.json index c99897e80fe..aedbefe5ec3 100644 --- a/2009/1xxx/CVE-2009-1865.json +++ b/2009/1xxx/CVE-2009-1865.json 
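Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, while every other changed line is whitespace normalisation or a reordering of `reference_data`, so the one semantic change is easy to miss in review. The same pattern appears in the CVE-2009-3609 hunk and at the start of the CVE-2009-3640 hunk (both to `secalert@redhat.com`); the latter continues past the visible part of the diff. Because this field is what attributes a record to its assigning CNA, I would land the attribution change separately from the reformat, keeping `"ASSIGNER": "cve@mitre.org"` here, or at least call it out in the commit message. The new side also ends with `\ No newline at end of file`; restoring the trailing newline would keep later diffs of these records clean.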
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a \"null pointer vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-10.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html" - }, - { - "name" : "http://support.apple.com/kb/HT3864", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3864" - }, - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "APPLE-SA-2009-09-10-1", 
- "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "GLSA-200908-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200908-04.xml" - }, - { - "name" : "266108", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" - }, - { - "name" : "35890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35890" - }, - { - "name" : "35906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35906" - }, - { - "name" : "oval:org.mitre.oval:def:7011", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011" - }, - { - "name" : "oval:org.mitre.oval:def:16338", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338" - }, - { - "name" : "1022629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022629" - }, - { - "name" : "36193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36193" - }, - { - "name" : "36374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36374" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "ADV-2009-2086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2086" - }, - { - "name" : "flash-air-code-execution-var1(52182)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 
9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a \"null pointer vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "266108", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" + }, + { + "name": "APPLE-SA-2009-09-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" + }, + { + "name": "GLSA-200908-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" + }, + { + "name": "http://support.apple.com/kb/HT3864", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3864" + }, + { + "name": "oval:org.mitre.oval:def:7011", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" + }, + { + "name": "1022629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022629" + }, + { + "name": "flash-air-code-execution-var1(52182)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52182" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "ADV-2009-2086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2086" + }, + { + "name": "35890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35890" + }, + { + "name": "oval:org.mitre.oval:def:16338", + 
"refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" + }, + { + "name": "36374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36374" + }, + { + "name": "35906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35906" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "36193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36193" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1903.json b/2009/1xxx/CVE-2009-1903.json index 499da82da5b..b6108da7918 100644 --- a/2009/1xxx/CVE-2009-1903.json +++ b/2009/1xxx/CVE-2009-1903.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=667538", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=667538" - }, - { - "name" : "FEDORA-2009-2654", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html" - }, - { - "name" : "FEDORA-2009-2686", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html" - }, - { - "name" : "GLSA-200907-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-02.xml" - }, - { - "name" : "34096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34096" - }, - { - 
"name" : "52552", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/52552" - }, - { - "name" : "34256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34256" - }, - { - "name" : "34311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34311" - }, - { - "name" : "35687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35687" - }, - { - "name" : "ADV-2009-0703", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0703" - }, - { - "name" : "modsecurity-pdfxss-dos(49211)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-2654", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html" + }, + { + "name": "52552", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/52552" + }, + { + "name": "GLSA-200907-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-02.xml" + }, + { + "name": "34256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34256" + }, + { + "name": "35687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35687" + }, + { + "name": "34311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34311" + }, + { + "name": "FEDORA-2009-2686", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=667538", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=667538" + }, + { + "name": "modsecurity-pdfxss-dos(49211)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49211" + }, + { + "name": "ADV-2009-0703", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0703" + }, + { + "name": "34096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34096" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3394.json b/2009/3xxx/CVE-2009-3394.json index 26b8927d261..1595d887bf0 100644 --- a/2009/3xxx/CVE-2009-3394.json +++ b/2009/3xxx/CVE-2009-3394.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3394", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3394", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3609.json b/2009/3xxx/CVE-2009-3609.json index 34f7efd623f..90c67b81311 100644 --- a/2009/3xxx/CVE-2009-3609.json +++ b/2009/3xxx/CVE-2009-3609.json 
@@ -1,312 +1,312 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" - }, - { - "name" : "http://poppler.freedesktop.org/", - "refsource" : "CONFIRM", - "url" : "http://poppler.freedesktop.org/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=526893", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=526893" - }, - { - "name" : "DSA-2028", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2028" - }, - { - "name" : "DSA-2050", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2050" - }, - { - "name" : "FEDORA-2009-10823", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" - }, - { - "name" : "FEDORA-2009-10845", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" - }, - { - "name" : "FEDORA-2010-1377", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" - }, - { - "name" : "FEDORA-2010-1805", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" - }, - { - "name" : "FEDORA-2010-1842", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" - }, - { - "name" : "MDVSA-2009:287", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" - }, - { - "name" : "MDVSA-2009:334", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" - }, - { - "name" : "MDVSA-2011:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" - }, - { - "name" : "RHSA-2009:1500", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1500.html" - }, - { - "name" : "RHSA-2009:1501", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1501.html" - }, - { - "name" : "RHSA-2009:1502", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1502.html" - }, - { - "name" : "RHSA-2009:1503", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1503.html" - }, - { - "name" : "RHSA-2009:1504", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1504.html" - }, - { - "name" : "RHSA-2009:1512", - "refsource" 
: "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1512.html" - }, - { - "name" : "RHSA-2009:1513", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1513.html" - }, - { - "name" : "RHSA-2010:0755", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0755.html" - }, - { - "name" : "274030", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" - }, - { - "name" : "1021706", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" - }, - { - "name" : "SUSE-SR:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" - }, - { - "name" : "USN-850-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-850-1" - }, - { - "name" : "USN-850-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-850-3" - }, - { - "name" : "36703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36703" - }, - { - "name" : "oval:org.mitre.oval:def:11043", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043" - }, - { - "name" : "oval:org.mitre.oval:def:8134", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134" - }, - { - "name" : "1023029", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023029" - }, - { - "name" : "37023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37023" - }, - { - "name" : "37028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37028" - }, - { - "name" : "37034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37034" - }, - { - "name" : "37037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37037" - }, - { - "name" : "37043", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37043" - }, - { - "name" : "37051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37051" - }, - { - "name" : "37054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37054" - }, - { - "name" : "37061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37061" - }, - { - "name" : "37077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37077" - }, - { - "name" : "37079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37079" - }, - { - "name" : "37159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37159" - }, - { - "name" : "37114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37114" - }, - { - "name" : "39327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39327" - }, - { - "name" : "39938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39938" - }, - { - "name" : "ADV-2009-2924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2924" - }, - { - "name" : "ADV-2009-2925", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2925" - }, - { - "name" : "ADV-2009-2926", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2926" - }, - { - "name" : "ADV-2009-2928", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2928" - }, - { - "name" : "ADV-2010-0802", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0802" - }, - { - "name" : "ADV-2010-1220", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1220" - }, - { - "name" : "xpdf-imagestream-dos(53800)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39938" + }, + { + "name": "RHSA-2009:1504", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html" + }, + { + "name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch" + }, + { + "name": "MDVSA-2009:287", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287" + }, + { + "name": "37028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37028" + }, + { + "name": "FEDORA-2010-1377", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html" + }, + { + "name": "FEDORA-2009-10823", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html" + }, + { + "name": "http://poppler.freedesktop.org/", + "refsource": "CONFIRM", + "url": "http://poppler.freedesktop.org/" + }, + { + "name": "RHSA-2009:1501", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" + }, + { + "name": "37079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37079" + }, + { + "name": "SUSE-SR:2009:018", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:8134", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134" + }, + { + "name": "DSA-2028", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2028" + }, + { + "name": "DSA-2050", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2050" + }, + { + "name": "37159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37159" + }, + { + "name": "37054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37054" + }, + { + "name": "FEDORA-2010-1805", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html" + }, + { + "name": "1021706", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" + }, + { + "name": "FEDORA-2009-10845", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html" + }, + { + "name": "RHSA-2009:1512", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" + }, + { + "name": "37114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37114" + }, + { + "name": "37077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37077" + }, + { + "name": "oval:org.mitre.oval:def:11043", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043" + }, + { + "name": "1023029", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023029" + }, + { + "name": "RHSA-2009:1503", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" + }, + { + "name": "ADV-2009-2926", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2926" + }, + { + 
"name": "MDVSA-2011:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526893", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893" + }, + { + "name": "xpdf-imagestream-dos(53800)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800" + }, + { + "name": "37037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37037" + }, + { + "name": "USN-850-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-850-3" + }, + { + "name": "ADV-2010-0802", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0802" + }, + { + "name": "RHSA-2009:1502", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" + }, + { + "name": "FEDORA-2010-1842", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html" + }, + { + "name": "RHSA-2009:1500", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" + }, + { + "name": "ADV-2009-2928", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2928" + }, + { + "name": "RHSA-2009:1513", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html" + }, + { + "name": "37034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37034" + }, + { + "name": "37023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37023" + }, + { + "name": "ADV-2009-2924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2924" + }, + { + "name": "37051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37051" + }, + { + "name": "274030", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" + }, + { + "name": "ADV-2010-1220", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1220" + }, + { + "name": "USN-850-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-850-1" + }, + { + "name": "37061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37061" + }, + { + "name": "39327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39327" + }, + { + "name": "37043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37043" + }, + { + "name": "36703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36703" + }, + { + "name": "ADV-2009-2925", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2925" + }, + { + "name": "RHSA-2010:0755", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html" + }, + { + "name": "MDVSA-2009:334", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3640.json b/2009/3xxx/CVE-2009-3640.json index 996b3282346..b9f9505105f 100644 --- a/2009/3xxx/CVE-2009-3640.json +++ b/2009/3xxx/CVE-2009-3640.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091023 CVE request: kvm: update_cr8_intercept() NULL pointer dereference", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125626965020571&w=2" - }, - { - "name" : "[oss-security] 20091024 Re: CVE request: kvm: update_cr8_intercept() NULL pointer dereference", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125640417219385&w=2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af", - 
"refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1" - }, - { - "name" : "36805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36805" - }, - { - "name" : "kernel-updatecr8intercept-dos(53947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af" + }, + { + "name": "[oss-security] 20091023 CVE request: kvm: update_cr8_intercept() NULL pointer dereference", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125626965020571&w=2" + }, + { + "name": "[oss-security] 20091024 Re: CVE request: kvm: update_cr8_intercept() NULL pointer dereference", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125640417219385&w=2" + }, + { + "name": "36805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36805" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1" + }, + { + "name": "kernel-updatecr8intercept-dos(53947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53947" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4011.json b/2009/4xxx/CVE-2009-4011.json index f4f29ed8caf..ff561c0b9c2 100644 --- a/2009/4xxx/CVE-2009-4011.json +++ b/2009/4xxx/CVE-2009-4011.json 
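Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, inside a change that otherwise only rewrites whitespace (`"ID" : ` becomes `"ID": `) and reorders the `reference_data` entries, so the one field that changes meaning is easy to miss. The same reattribution appears in the CVE-2012-2100, CVE-2012-2296, CVE-2012-2338 and CVE-2012-2394 hunks, while CVE-2009-4499 and CVE-2009-4845 keep `cve@mitre.org`. Consumers who track record provenance would be better served if the assigner change were committed separately from the reformat, or at least called out in the commit description. The new side also ends with `\ No newline at end of file`, and no such marker follows the old closing `-}`, so the trailing newline appears to have been dropped; keeping it avoids a spurious last-line change on the next edit. The reshuffled `reference_data` suggests the generator does not emit a stable order, which will keep producing noisy diffs unless the entries are sorted deterministically.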
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4499.json b/2009/4xxx/CVE-2009-4499.json index 463cfabf91a..d5539d732fd 100644 --- a/2009/4xxx/CVE-2009-4499.json +++ b/2009/4xxx/CVE-2009-4499.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091213 Zabbix Server : Multiple remote vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508436/30/60/threaded" - }, - { - "name" : "https://support.zabbix.com/browse/ZBX-1031", - "refsource" : "CONFIRM", - "url" : "https://support.zabbix.com/browse/ZBX-1031" - }, - { - "name" : "37740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37740" - }, - { - "name" : "ADV-2009-3514", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091213 Zabbix Server : Multiple remote vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508436/30/60/threaded" + }, + { + "name": "https://support.zabbix.com/browse/ZBX-1031", + "refsource": "CONFIRM", + "url": "https://support.zabbix.com/browse/ZBX-1031" + }, + { + "name": "37740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37740" + }, + { + "name": "ADV-2009-3514", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3514" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4845.json b/2009/4xxx/CVE-2009-4845.json index 32fbd9641b3..5a29bda08fb 100644 --- a/2009/4xxx/CVE-2009-4845.json +++ b/2009/4xxx/CVE-2009-4845.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507729/100/0/threaded" - }, - { - "name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" - }, - { - "name" : "virtualiq-ssh-information-disclosure(58575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The configuration page in 
ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded" + }, + { + "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", + "refsource": "MISC", + "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" + }, + { + "name": "virtualiq-ssh-information-disclosure(58575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58575" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2100.json b/2012/2xxx/CVE-2012-2100.json index fed7acbc8ee..d18f7663f1b 100644 --- a/2012/2xxx/CVE-2012-2100.json +++ b/2012/2xxx/CVE-2012-2100.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120412 Re: fix to CVE-2009-4307", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/12/11" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=809687", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=809687" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b" - }, - { - "name" : "RHSA-2012:1445", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1445.html" - }, - { - "name" : "RHSA-2012:1580", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1580.html" - }, - { - "name" : "53414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1580", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1580.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=809687", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809687" + }, + { + "name": "RHSA-2012:1445", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1445.html" + }, + { + "name": "53414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53414" + }, + { + "name": "[oss-security] 20120412 Re: fix to CVE-2009-4307", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/12/11" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b" + }, + { + "name": "https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2", + 
"refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2130.json b/2012/2xxx/CVE-2012-2130.json index 4fed931da1a..1d7086382d5 100644 --- a/2012/2xxx/CVE-2012-2130.json +++ b/2012/2xxx/CVE-2012-2130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2130", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2130", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2270.json b/2012/2xxx/CVE-2012-2270.json index dc92c3b3f7d..91ac0967447 100644 --- a/2012/2xxx/CVE-2012-2270.json +++ b/2012/2xxx/CVE-2012-2270.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html" - }, - { - "name" : "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/11/1" - }, - { - "name" : "[oss-security] 20120901 Re: CVE - ownCloud", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/2" - }, - { - "name" : "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt", - "refsource" : "MISC", - "url" : 
"http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt" - }, - { - "name" : "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html" - }, - { - "name" : "http://owncloud.org/security/advisories/CVE-2012-2270/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/security/advisories/CVE-2012-2270/" - }, - { - "name" : "53145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53145" - }, - { - "name" : "81211", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81211" - }, - { - "name" : "48850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48850" - }, - { - "name" : "owncloud-index-open-redirect(75029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/security/advisories/CVE-2012-2270/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/security/advisories/CVE-2012-2270/" + }, + { + "name": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt", + "refsource": "MISC", + "url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt" + }, + { + "name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/11/1" + }, + { + "name": "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html" + }, + { + "name": "[oss-security] 20120901 Re: CVE - ownCloud", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/2" + }, + { + "name": "48850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48850" + }, + { + "name": "53145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53145" + }, + { + "name": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html" + }, + { + "name": "owncloud-index-open-redirect(75029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75029" + }, + { + "name": "81211", + "refsource": "OSVDB", + "url": "http://osvdb.org/81211" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2296.json b/2012/2xxx/CVE-2012-2296.json index d23f4a981f3..4e2c0b2c718 100644 --- a/2012/2xxx/CVE-2012-2296.json +++ b/2012/2xxx/CVE-2012-2296.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120410 Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/10/12" - }, - { - "name" : "[oss-security] 20120502 CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/1" - }, - { - "name" : "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/2" - }, - { - "name" : "http://drupal.org/node/1515282", - "refsource" : "MISC", - 
"url" : "http://drupal.org/node/1515282" - }, - { - "name" : "http://drupal.org/node/1515114", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1515114" - }, - { - "name" : "http://drupal.org/node/1515120", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1515120" - }, - { - "name" : "janrain-drupalcontent-info-disclosure(74616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1515282", + "refsource": "MISC", + "url": "http://drupal.org/node/1515282" + }, + { + "name": "http://drupal.org/node/1515114", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1515114" + }, + { + "name": "[oss-security] 20120410 Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/10/12" + }, + { + "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2" + }, + { + "name": "http://drupal.org/node/1515120", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1515120" + }, + { + "name": "janrain-drupalcontent-info-disclosure(74616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74616" + }, + { + 
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2338.json b/2012/2xxx/CVE-2012-2338.json index 56ba865cca5..ad1ae10bfbe 100644 --- a/2012/2xxx/CVE-2012-2338.json +++ b/2012/2xxx/CVE-2012-2338.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120510 CVE-request: galette sql injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/10/5" - }, - { - "name" : "[oss-security] 20120510 Re: CVE-request: galette sql injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/11/1" - }, - { - "name" : "http://redmine.ulysses.fr/issues/250", - "refsource" : "MISC", - "url" : "http://redmine.ulysses.fr/issues/250" - }, - { - "name" : "http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba", - "refsource" : "CONFIRM", - "url" : "http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba" - }, - { - "name" : "53463", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120510 Re: CVE-request: galette sql injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/11/1" + }, + { + "name": "53463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53463" + }, + { + "name": "[oss-security] 20120510 CVE-request: galette sql injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/10/5" + }, + { + "name": "http://redmine.ulysses.fr/issues/250", + "refsource": "MISC", + "url": "http://redmine.ulysses.fr/issues/250" + }, + { + "name": "http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba", + "refsource": "CONFIRM", + "url": "http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2394.json b/2012/2xxx/CVE-2012-2394.json index 340847cb799..4eb4a1ee45d 100644 --- a/2012/2xxx/CVE-2012-2394.json +++ b/2012/2xxx/CVE-2012-2394.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-10.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221" - }, - { - "name" : "MDVSA-2012:015", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:015" - }, - { - "name" : "MDVSA-2012:042", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042" - }, - { - "name" : "MDVSA-2012:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080" - }, - { - "name" : "53653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53653" - }, - { - "name" : "1027094", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027094" - }, - { - "name" : "49226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2012:015", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:015" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393" + }, + { + "name": "1027094", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027094" + }, + { + "name": "MDVSA-2012:042", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-10.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-10.html" + }, + { + "name": "49226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49226" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221" + }, + { + "name": "MDVSA-2012:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080" + }, + { + "name": "53653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53653" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6042.json b/2012/6xxx/CVE-2012-6042.json index 0a1f9ba118e..68917706c3a 100644 --- a/2012/6xxx/CVE-2012-6042.json +++ b/2012/6xxx/CVE-2012-6042.json 
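Review bot: The only change of substance in the `CVE_data_meta` block of the CVE-2012-2394 hunk, `"ASSIGNER": "secalert@redhat.com",` replacing `cve@mitre.org`, is buried in a rewrite that re-emits every other line of the file with different spacing around `:`. ASSIGNER is the record's provenance field, so a reader auditing who owns the entry has to diff roughly a hundred lines by eye to find it. Landing the formatting normalisation as its own commit would reduce this hunk to that single line. The hunks for CVE-2012-2338, CVE-2015-0616, CVE-2015-1337, CVE-2015-1712, CVE-2015-1902 and CVE-2015-5777 each swap `cve@mitre.org` for another assigner address in the same way. No commit message is visible here, so the diff alone cannot confirm that the reattribution is intended.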
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18339", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18339" - }, - { - "name" : "51327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18339", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18339" + }, + { + "name": "51327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51327" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6135.json b/2012/6xxx/CVE-2012-6135.json index c427b9e0b44..9fae0eea461 100644 --- a/2012/6xxx/CVE-2012-6135.json +++ b/2012/6xxx/CVE-2012-6135.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6135", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6135", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6538.json b/2012/6xxx/CVE-2012-6538.json index 23cf2f783f7..915064f8c80 100644 --- a/2012/6xxx/CVE-2012-6538.json +++ b/2012/6xxx/CVE-2012-6538.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c87308bdea31a7b4828a51f6156e6f721a1fcc9", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c87308bdea31a7b4828a51f6156e6f721a1fcc9" - }, - { - "name" : "https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" - }, - { - "name" : "RHSA-2013:0744", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0744.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/05/13" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c87308bdea31a7b4828a51f6156e6f721a1fcc9", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c87308bdea31a7b4828a51f6156e6f721a1fcc9" + }, + { + "name": "https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" + }, + { + "name": "RHSA-2013:0744", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2013-0744.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0616.json b/2015/0xxx/CVE-2015-0616.json index 25f0adabef7..43363a06d6c 100644 --- a/2015/0xxx/CVE-2015-0616.json +++ b/2015/0xxx/CVE-2015-0616.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150401 Multiple Vulnerabilities in Cisco Unity Connection", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc" - }, - { - "name" : "1032010", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 
before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150401 Multiple Vulnerabilities in Cisco Unity Connection", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc" + }, + { + "name": "1032010", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032010" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1034.json b/2015/1xxx/CVE-2015-1034.json index 287bb186035..623228dee7e 100644 --- a/2015/1xxx/CVE-2015-1034.json +++ b/2015/1xxx/CVE-2015-1034.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1034", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1034", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
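Review bot: The new side of the CVE-2015-0616 hunk ends with `+}` followed by `\ No newline at end of file`, while the removed `-}` carries no such marker, so the rewrite drops the final newline the file used to have. Tools that concatenate or append to these records, and most linters, expect the terminator, so the serialiser should write the closing `}` followed by a single `\n`. Every hunk that ends inside this part of the diff has the same ending, from CVE-2012-2338 through CVE-2018-11272.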
diff --git a/2015/1xxx/CVE-2015-1337.json b/2015/1xxx/CVE-2015-1337.json index a91e83f0758..a2fae85fc15 100644 --- a/2015/1xxx/CVE-2015-1337.json +++ b/2015/1xxx/CVE-2015-1337.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004" - }, - { - "name" : "USN-2746-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2746-1" - }, - { - "name" : "USN-2746-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2746-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror 
servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2746-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2746-1" + }, + { + "name": "USN-2746-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2746-2" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1712.json b/2015/1xxx/CVE-2015-1712.json index 6f450f00fe1..a9d599e15be 100644 --- a/2015/1xxx/CVE-2015-1712.json +++ b/2015/1xxx/CVE-2015-1712.json 
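Review bot: The `reference_data` array on the new side of the CVE-2015-1337 hunk holds the same three entries as before, with the Launchpad `CONFIRM` link moved from first to last, and the new order follows no visible key (`refsource`, `name` and `url` are all unsorted). If the writer emits references in an unstable order, each regeneration will produce reshuffles like this one and a reference that was really added or dropped becomes hard to spot in review. Sorting the array on a fixed key before serialising, for example `url`, would keep later diffs limited to real changes. The same reshuffle with no entry added or removed appears in the hunks for CVE-2012-2338, CVE-2012-2394, CVE-2015-1712, CVE-2015-1902 and CVE-2015-5777.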
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1691." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" - }, - { - "name" : "74515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74515" - }, - { - "name" : "1032282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a 
crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1691." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74515" + }, + { + "name": "1032282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032282" + }, + { + "name": "MS15-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1902.json b/2015/1xxx/CVE-2015-1902.json index f66e743b361..8c9a937980a 100644 --- a/2015/1xxx/CVE-2015-1902.json +++ b/2015/1xxx/CVE-2015-1902.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-193", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-193" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883245", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883245" - }, - { - "name" : "74597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74597" - }, - { - "name" : "1032376", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer 
overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245" + }, + { + "name": "1032376", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032376" + }, + { + "name": "74597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74597" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-193", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-193" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5398.json b/2015/5xxx/CVE-2015-5398.json index 791cd8d2f2b..1aff3ba64c5 100644 --- a/2015/5xxx/CVE-2015-5398.json +++ b/2015/5xxx/CVE-2015-5398.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5398", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5398", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5777.json b/2015/5xxx/CVE-2015-5777.json index 4c1bbcf483e..0752abd0996 100644 --- a/2015/5xxx/CVE-2015-5777.json +++ b/2015/5xxx/CVE-2015-5777.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76343", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/76343" - }, - { - "name" : "1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "76343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76343" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11200.json b/2018/11xxx/CVE-2018-11200.json index b90c058582c..f9ee4c0b551 100644 --- a/2018/11xxx/CVE-2018-11200.json +++ b/2018/11xxx/CVE-2018-11200.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11200", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11200", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11272.json b/2018/11xxx/CVE-2018-11272.json index abec95ccea4..336bed734f3 100644 --- a/2018/11xxx/CVE-2018-11272.json +++ b/2018/11xxx/CVE-2018-11272.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11272", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11272", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11456.json b/2018/11xxx/CVE-2018-11456.json index fc0c80eea02..800d3d8fcb5 100644 --- a/2018/11xxx/CVE-2018-11456.json +++ b/2018/11xxx/CVE-2018-11456.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2018-11456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Automation License Manager 5", - "version" : { - "version_data" : [ - { - "version_value" : "Automation License Manager 5 : All versions < 5.3.4.4" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284: Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2018-11456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automation License Manager 5", + "version": { + "version_data": [ + { + "version_value": "Automation License Manager 5 : All versions < 5.3.4.4" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf" - }, - { - "name" : "105114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105114" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11506.json b/2018/11xxx/CVE-2018-11506.json index a7da747d440..566d4c84b8a 100644 --- a/2018/11xxx/CVE-2018-11506.json +++ b/2018/11xxx/CVE-2018-11506.json 
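Review bot: The `reference_data` array comes out in a different order on the new side (BID `105114` now precedes the Siemens CONFIRM entry), with no entry added or removed and no visible sort key behind the new order. The same reshuffle appears in the hunks for CVE-2018-11506, CVE-2018-7456, CVE-2018-8346 and CVE-2018-8455. Array order means nothing to a parser, but churn like this buries real reference changes in a vulnerability feed that people audit by diff; emitting entries sorted by a stable key such as `refsource` then `name` would keep later diffs limited to actual edits. Every new side in this diff also ends with `\ No newline at end of file`, so the rewrite dropped the trailing newline the old files had.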
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" - }, - { - "name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" - }, - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", - "refsource" : "MLIST", - "url" : 
"https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe" - }, - { - "name" : "https://twitter.com/efrmv/status/1001574894273007616", - "refsource" : "MISC", - "url" : "https://twitter.com/efrmv/status/1001574894273007616" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "USN-3752-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-1/" - }, - { - "name" : "USN-3752-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-2/" - }, - { - "name" : "USN-3752-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-3/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3752-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-2/" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" + }, + { + "name": "https://twitter.com/efrmv/status/1001574894273007616", + "refsource": "MISC", + "url": "https://twitter.com/efrmv/status/1001574894273007616" + }, + { + "name": "USN-3752-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-3/" + }, + { + "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" + }, + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe" + }, + { + "name": "USN-3752-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-1/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11982.json b/2018/11xxx/CVE-2018-11982.json
index 4665846b122..cba002db9cf 100644
--- a/2018/11xxx/CVE-2018-11982.json
+++ b/2018/11xxx/CVE-2018-11982.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Double Free in LTE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free in LTE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/3xxx/CVE-2018-3117.json b/2018/3xxx/CVE-2018-3117.json index ae1c44ea269..6071b1b0dc2 100644 --- a/2018/3xxx/CVE-2018-3117.json +++ b/2018/3xxx/CVE-2018-3117.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3117", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3117", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3310.json b/2018/3xxx/CVE-2018-3310.json index 2bb0c128ba2..1bc47736acd 100644 --- a/2018/3xxx/CVE-2018-3310.json +++ b/2018/3xxx/CVE-2018-3310.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3310", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3310", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3675.json b/2018/3xxx/CVE-2018-3675.json index c2ce2194361..8a5ae0cb5c8 100644 --- a/2018/3xxx/CVE-2018-3675.json +++ b/2018/3xxx/CVE-2018-3675.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3836.json b/2018/3xxx/CVE-2018-3836.json index 60122e36113..2e04d1b59e1 100644 --- a/2018/3xxx/CVE-2018-3836.json +++ b/2018/3xxx/CVE-2018-3836.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-01-22T00:00:00", - "ID" : "CVE-2018-3836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Leptonica", - "version" : { - "version_data" : [ - { - "version_value" : "1.74.4" - } - ] - } - } - ] - }, - "vendor_name" : "Dan Bloomberg" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "arbitrary code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-01-22T00:00:00", + "ID": "CVE-2018-3836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Leptonica", + "version": { + "version_data": [ + { + "version_value": "1.74.4" + } + ] + } + } + ] + }, + "vendor_name": "Dan Bloomberg" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180215 [SECURITY] [DLA 1284-1] leptonlib security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00019.html" - }, - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180215 [SECURITY] [DLA 1284-1] leptonlib security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00019.html" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7456.json b/2018/7xxx/CVE-2018-7456.json index 169b876590e..700c7d25e08 100644 --- a/2018/7xxx/CVE-2018-7456.json +++ b/2018/7xxx/CVE-2018-7456.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180416 [SECURITY] [DLA 1346-1] tiff security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html" - }, - { - "name" : "[debian-lts-announce] 20180416 [SECURITY] [DLA 1347-1] tiff3 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html" - }, - { - "name" : "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html" - }, - { 
- "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2778", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2778" - }, - { - "name" : "https://github.com/xiaoqx/pocs/tree/master/libtiff", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/tree/master/libtiff" - }, - { - "name" : "DSA-4349", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4349" - }, - { - "name" : "USN-3864-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3864-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1347-1] tiff3 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html" + }, + { + "name": "USN-3864-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3864-1/" + }, + { + "name": "DSA-4349", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4349" + }, + { + "name": "https://github.com/xiaoqx/pocs/tree/master/libtiff", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/tree/master/libtiff" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2778", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2778" + }, + { + "name": "[debian-lts-announce] 20180702 [SECURITY] 
[DLA 1411-1] tiff security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html" + }, + { + "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1346-1] tiff security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8346.json b/2018/8xxx/CVE-2018-8346.json index 3efaa5fa78c..e255a051b12 100644 --- a/2018/8xxx/CVE-2018-8346.json +++ b/2018/8xxx/CVE-2018-8346.json 
@@ -1,113 +1,113 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka \"LNK Remote Code Execution Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346" - }, - { - "name" : "105028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105028" - }, - { - "name" : "1041473", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka \"LNK Remote Code Execution Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041473", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041473" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346" + }, + { + "name": "105028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105028" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8455.json b/2018/8xxx/CVE-2018-8455.json index a6c897460cc..8fd876b9a87 100644 --- a/2018/8xxx/CVE-2018-8455.json +++ b/2018/8xxx/CVE-2018-8455.json 
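Review bot: `ASSIGNER` changes value in this hunk, from `Secure@Microsoft.com` to `secure@microsoft.com`, inside what otherwise reads as a reformatting change; the hunk for CVE-2018-8455 does the same. A consumer that attributes records to a CNA by exact string comparison will see the old and new values as two different assigners, so matching on this field should be case-insensitive. The normalization would be easier to audit as its own commit, with a message that says the value was changed on purpose.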
@@ -1,149 +1,149 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles 
objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": 
"Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8455", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8455" - }, - { - "name" : "105211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105211" - }, - { - "name" : "1041635", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041635", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041635" + }, + { + "name": "105211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105211" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8455", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8455" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8784.json b/2018/8xxx/CVE-2018-8784.json index 01a69793868..801fb962471 100644 --- a/2018/8xxx/CVE-2018-8784.json +++ b/2018/8xxx/CVE-2018-8784.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "DATE_PUBLIC" : "2018-10-22T00:00:00", - "ID" : "CVE-2018-8784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeRDP", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to 2.0.0-rc4" - } - ] - } - } - ] - }, - "vendor_name" : "Check Point Software Technologies Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "DATE_PUBLIC": "2018-10-22T00:00:00", + "ID": "CVE-2018-8784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeRDP", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 2.0.0-rc4" + } + ] + } + } + ] + }, + "vendor_name": "Check Point Software Technologies Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7", - "refsource" : "CONFIRM", - "url" : "https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7" - }, - { - "name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", - "refsource" : "CONFIRM", - "url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" - }, - { - "name" : "USN-3845-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3845-1/" - }, - { - "name" : "106938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106938" + }, + { + "name": "USN-3845-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3845-1/" + }, + { + "name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", + "refsource": "CONFIRM", + "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" + }, + { + "name": "https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7", + "refsource": "CONFIRM", + "url": "https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7" + } + ] + } +} \ No newline at end of file
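Review bot: In the `affects` block of CVE-2018-8784.json, `"vendor_name": "Check Point Software Technologies Ltd."` names the assigning CNA (`ASSIGNER` is `cve@checkpoint.com`) rather than the maintainer of the affected product, `FreeRDP`, and the re-serialization carries that value over unchanged. Tooling that matches advisories to an asset inventory by vendor and product would probably not associate this record with FreeRDP installations. If the CNA confirms, the field would read `"vendor_name": "FreeRDP"`. Separately, the new side ends with `\ No newline at end of file` while the old side shows no such marker, so the reformat appears to have dropped the trailing newline. The same applies to the CVE-2018-8455 file earlier on the page.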